python/sepolgen: Try to translate SELinux contexts to raw

Message ID 20180411092628.7178-1-vmojzis@redhat.com (mailing list archive)
State Not Applicable

Commit Message

Vit Mojzis April 11, 2018, 9:26 a.m. UTC
This allows sepolgen to generate policy from AVC messages that contain
contexts translated by mcstrans.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1356149

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 python/sepolgen/src/sepolgen/refpolicy.py | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Stephen Smalley April 11, 2018, 5:37 p.m. UTC | #1
On 04/11/2018 05:26 AM, Vit Mojzis wrote:
> This allows sepolgen to generate policy from AVC messages that contain
> contexts translated by mcstrans.
> 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1356149

Not friendly to cite a non-public bugzilla.

> 
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
> ---
>  python/sepolgen/src/sepolgen/refpolicy.py | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/python/sepolgen/src/sepolgen/refpolicy.py b/python/sepolgen/src/sepolgen/refpolicy.py
> index 2ee029c1..352b1878 100644
> --- a/python/sepolgen/src/sepolgen/refpolicy.py
> +++ b/python/sepolgen/src/sepolgen/refpolicy.py
> @@ -284,6 +284,11 @@ class SecurityContext(Leaf):
>  
>          Raises ValueError if the string is not parsable as a security context.
>          """
> +        # try to translate the context string to raw form
> +        raw = selinux.selinux_trans_to_raw_context(context)
> +        if raw[0] == 0:
> +            context = raw[1]
> +
>          fields = context.split(":")
>          if len(fields) < 3:
>              raise ValueError("context string [%s] not in a valid format" % context)
>
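
Review bot: The reassignment `context = raw[1]` ahead of `fields = context.split(":")` means the ValueError raised just below reports the translated string rather than the one the caller passed in, which makes a rejected context harder to match back to the AVC message it came from. Consider keeping the input in its own variable and naming both forms in the error text. The non-zero `raw[0]` case also falls through silently to parsing the untranslated string; a short comment stating that this fallback is intended would help.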

Patch

diff --git a/python/sepolgen/src/sepolgen/refpolicy.py b/python/sepolgen/src/sepolgen/refpolicy.py
index 2ee029c1..352b1878 100644
--- a/python/sepolgen/src/sepolgen/refpolicy.py
+++ b/python/sepolgen/src/sepolgen/refpolicy.py
@@ -284,6 +284,11 @@  class SecurityContext(Leaf):
 
         Raises ValueError if the string is not parsable as a security context.
         """
+        # try to translate the context string to raw form
+        raw = selinux.selinux_trans_to_raw_context(context)
+        if raw[0] == 0:
+            context = raw[1]
+
         fields = context.split(":")
         if len(fields) < 3:
             raise ValueError("context string [%s] not in a valid format" % context)
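
Review bot: `selinux.selinux_trans_to_raw_context(context)` is called in this hunk, but the diffstat lists only these 5 insertions in refpolicy.py, so the patch itself adds no `import selinux`; please confirm the module already imports it, otherwise this line fails with a NameError on every context that is parsed. Unpacking the result, for example `rc, raw = selinux.selinux_trans_to_raw_context(context)`, would read better than indexing `raw[0]` and `raw[1]`, and the docstring above the new lines could mention that translated contexts are now accepted.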